• Post Reply Bookmark Topic Watch Topic
  • New Topic

Doubt in Auth-Constraint  RSS feed

 
Ranch Hand
Posts: 437
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<security-constraint>
....
<auth-constraint>
<role-name>Member<role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
...
<auth-constraint/>
</security-constraint>

My doubt is who is given access?


Thanks in advance.
 
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
when any role name is combined with an empty <auth-constraint/> tag, no one is given access.
So , in your case no one (not even Member) can access it.
Thanks
 
Ranch Hand
Posts: 10128
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is very clearly explained in the Head First in the security chapters.
 
Ranch Hand
Posts: 392
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


If the same url (resource) are constrained, then only no one will be able to access the constrained resource..
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!